more-arw search

Q&A Forum

Audit Question

If an employee can create a transaction in the financial system through a cuff system (done via interface), should they be able to modify that transaction directly in the financial system? Is it separation of duties or internal control issue?


Topic Expert
Bob Scarborough
Title: CEO
Company: Tensoft, Inc.
(CEO, Tensoft, Inc.) |

If the employee can create a transaction (for example an expense report or a corporate purchase) there should be process controls around the transaction. By this I mean there should be an approval process or a rules based approach (can approve up to $$ on specific budget accounts).

Changing a transaction should only be supported up until the point it creates a transaction in your financial system. This is true of any transaction - the audit trail in your financial system should explain all of your reporting and all change to that reporting. A reasonable edit period can be allowed prior to the process control - but you should be able to count on final transactions being final.

The one additional caveat to the above will be any industry specific tracking requirements - for example government and some non-profit systems will require change tracking on any change to an employee transaction.

Vik Agrawal
Title: President & Co-Founder
Company: ExpensePath, Inc.
(President & Co-Founder, ExpensePath, Inc.) |

I think it is both internal control and separation of duties. There should be very limited access to the financial system, whether that is only a few people having any access or very few people having the ability to push/approve a transaction into the general ledger.

For something like expense reports, there should be a an approval process where the submission is locked down and cannot be changed by the submitter once it is being reviewed (they can withdraw and make changes but then it has to go through the approval again). Someone (usually in Finance) should have the last say to make the expense report final and only at that point can it go into the general ledger (and possibly also be ready to be paid).

Products and Companies

Get Free Membership

By signing up, you will receive emails from Proformative regarding Proformative programs, events, community news and activity. You can withdraw your consent at any time. Contact Us.

Business Exchange

Browse the Business Exchange to find information, resources and peer reviews to help you select the right solution for your business.

Learn more

Contribute to Community

If you’re interested in learning more about contributing to your Proformative community, we have many ways for you to get involved. Please email [email protected] to learn more about becoming a speaker or contributing to the blogs/Q&A Forum.